We have had Norton AV programs for years and currently have 360. We do a full scan every week and have always done so in regular mode. This week our scan stopped after scanning about 130,000 files and started rebooting the computer. We tried this a couple times and the same thing kept happening. The only error screen/message we got flashed so quickly we couldn't read it entirely, it was blue screen that said something to the effect of symefa.sys file.
We went to safe mode and it completed a full scan. Being computer novices and always very leary of viruses, we weren't confident this fully checked our system and we have not used the internet since then. I chatted with support today and explained the above. They said we should always run scans in safe modes as sometimes, some files are not recognized and it can stop a scan.
I have searched many of the threads here and couldn't find this exact problem, so I wanted to see the experts here concur with that advice.
Running scans in Safe Mode is a good general rule, because the nasties are more likely to be inactive, and less able to conceal themselves or prevent their removal.
That said, I have seen several experts suggest that the free version of malwarebytes be run in regular mode, just to detect what's there, precisely because the nasties are more likely to be active so their effects can be seen. There seems to be some debate on this matter, but that's my sense of how it's leaning
Then for actual removal of anything that might have been detected, run (1) the full version of malwarebytes, then (2, if necessary) Norton Power Eraser in Safe Mode as you were advised.
And let us know how it works out, as there are other forums that can best advise you, one-on-one, in the event you're still having trouble after that.
As a someone who knows very little about AV's and such, running Malawarebytes won't interfere with Norton, I know I often read not to have two different AV's on a computer.
But thanks for the reassurance that running 360 in safe mode is in fact a good practice.
Malwarebytes has been specifically cited here as compatible with Norton, so it's safe. It fills a niche in a "layered defense" against nasties, alongside Norton 360 for your primary protection (keeping them off your system, plus some light diagnosis and removal) and Norton Power Eraser for the heaviest-duty intervention you want to try on your own without expert consultation!
BTW, what Safe Mode does for you is it loads Windows with the absolute minimum number of drivers and programs needed to run your system; this gives the nasties less chance to get loaded into your memory where they can play tricks with the AV software. A particularly bad class of malware called a "rootkit" will not be dodged this way, though, and will require more advanced techniques for removal...but malwarebytes will at least alert you to their presence--even if only by locking up when you hit a tripwire!
Great, thanks again for the advice. We'll install that and continue to scan in safe mode as advised. I'll report back in a couple days to update the thread with any issues or mark it solved.
Make sure that the free version of Malwarebytes is used as there is no real time scanning. The free version works as an on demand scanner. It is unlikely to find a rootkit, but it does identify malware that is downloaded by the rootkit so it is a good indicator of deeper issues.
Check your machine manufacturer, if it is a laptop, for updated drivers for video and audio as driver conflicts are of the most common causes of BSOD's. Otherwise you can check the manufacturers' websites for your specific hardware.
Delphinium...Thanks for jumping in as well with the addtional info. As for the machine it is a Dell desktop XPS running Vista.
We were really confused, not knowing if it was a Norton issue, a dell issue or windows issue. I was only aware of it happenng during the Norton scan so I thought it would logically be an issue with the application. My wife told me it happend once when she was in just looking on the internet in IE as well.
Sometimes it is very hard to tell which drivers are actually the problem. The Norton file will be the last one in line that Windows is reporting, but whether it triggered the crash or was affected by another driver is never clear. Malware, during a scan can cause a crash, but it is unlikely to do so while browsing. That might be more likely to be a video or network card driver. Other security software on the machine can also cause conflicts.
If it still is happening after updating, we will have to dig a bit deeper.
Malwarebytes' does recommend that scanning be done in Normal mode unless Safe Mode is the only option. In Safe Mode, some components of Mawarebytes' do not load, and this does affect the ability of the product to detect and remove some types of threats. To my knowledge, Norton's scans are not hindered by running them in Safe Mode, and if an infection is suspected Safe Mode sometimes offers a better opportunity to remove a threat that may not be active in that mode. Such is the conventional wisdom.
As we were doing more research on this last night, we see we have 360 version 3, each year we've just been renewing and I guess not upgrading or buying any new versions.
So my wife asked me if I thought just removing 360 v3 and outright purchasing V5 would by chance solve it. If it would be an easy fix, we don't mind paying the new purchase price (even though we have 199 days left on the old subscription).
Also are there any hints or things we shoudl know before uninstalling V3. Last time we tried to uninstall a AV program about 5 years ago it never uninstalled completely (it wasn't norton, it was another brand) At the time we had ME and decided it was time to switch to a more upgraded OS anyway.
Thanks for any additional thoughts on this approach.
Well, it certainly wouldn't hurt to upgrade once you're certain your machine is clean. But it is highly unlikely that the symtom you reported at the beginning would arise from your product being an old version (unless by it being an old version, a new and more sophisticated form of malware had been able to do an end run around it.
So your first order of business--from my reading of the above--remains downloading and running the free version of malwarebytes, as suggested by dephinium and our Gurus, then letting us know what it comes up with.
There's no point in buying a spiffy new version of Norton to install over a well-entrenched rootkit....
You are able to upgrade to each new version for free when you have a valid subscription. As recommended by DistEd2, I would suggest checking first for malware because of the reboot. It could also have been an update gone wrong, but it never hurts to check.
Make sure that your drivers are updated. Let us know what version of N360 you have. It could be N360 standard with 2 G of Online storage or it could be N360 Premier with 25 G of Online storage. Once you are checked and updated, let us know and we will provide tools to remove and reinstall the correct version.
You will need to have your activation key for the v3 product handy.
Dist and Delphi...Thank you both for your continued help and patience on this issue. I here what you are saying about malawarebytes. I guess we (my wife and I) have both become even less informed about AV Programs and the such than we were a few years ago. Neither of us have heard of it, and just assumed if you had a good reputable AVP you were good to go.
I see from all the discussion this must not be the case these days. I certainly understand how putting a new product on old problem isn't going to fix it. So we'll hold our breath and take the plunge with the malawarebytes.
Sorry to be such a hesitant novice on this. On other forums of my expertise (golf) I often give advice to new players on parts of the game they are not familar with, just as you have done so patiently with me, I appreicate it.
Norton--with version and definitions kept current--is IMHO the best security suite out there; that's why it's what I've kept on all my own machines for a couple of decades now. But there are new nasties being created every day...and like any other security software, if you have the bad luck to encounter one before the security world becomes aware of it (exceedingly unlikely, but not impossible!) it can still get you. That's why safe computing practices and a good understanding of the threat is always the most important part of your layered defense against malware. Then comes Norton, to block anything that might get past you anyhow. Then comes malwarebytes, which is especially handy because it has a free version without realtime scanning (which would conflict with your Norton product) that you can run in your computer's Regular Mode if you think a nasty has burrowed its way in regardless.
And then come some highly-specialized forums, where people like Quads (who you're likely to see around here!) will work with you one-on-one, step-by-step, until even the most tenacious, deeply-entrenched rootkit is dug out of your OS and you're back in business.
You are in some of the best hands available here. Until this thread is marked as 'solved' quite a few of us will stop by to see if we can add anything to the discussion which will be useful to you.
I have the free version of Malwarebytes scanner installed and current on my system. It is Norton compatible and complimentary. I like the availability of a second opinion when things don't look quite right. My first copy of Norton was on a 5.25" floppy and purchased in 19xx. I've kept NAV or NIS on my system ever since.
Delphi and Dist...Thank you both (and others) for all your input and help in this matter. With the help of Norton Online Chat we were able to determine that our very very old version 2.8 something was creating a problem. He suggested uninstall the old version, run power eraer then install V5. He actually did all this for me by remoting in. He had a small problem with the new install first, but then was able to get it to install. We ran both a quck scan then a complete scan and it completed finding no problems.
Another question, I want to make sure I followed proper protocol. There was actually more than one post in this thread that helped solve the issue, should I mark each of those as solved or does it only allow one to be marked in such a way. I want to make sure I don't slight anyone who helped.
We have been able to use the machine since with no issues as well. Thanks to everyone for providing such a great resource for help. I hope I don't have to use it very often, but it' nice to know you all are here :)
I feel safe speaking for the lot of us in saying how delighted we are to hear you have everything running smoothly again! Unfortunately (IMHO) there is no way to "distribute the credit" of a solution, so there I can only thank you for choosing me to bestow it on.
God forbid that there should be a "next time" (or even "next issue") for you...but if there is, and I am again a <i>part</i> of its resolution, just remember to give the credit to someone else!
In the meantime--and in all seriousness--what I would encourage you to do is to go back through the thread and liberally apply Kudos to every post but mine that you found even remotely helpful. We're here to help you, not to earn these credits--but it's always nice to know we have helped, and it's appreciated...and unlike Solutions, there are no limits on the number of people you can give Kudos to on a single thread!
Once again, thanks for letting us know all is again well with your computers!
We are all pleased that you are up and running. That success is the payment we work for. It is partly our bad for not asking what version you had on board.
If you can't pick just one then choose one of yours. The primary point being that the thread gets marked and everyone can read the messages to glean the useful information. It will also reduce the number of visitors who stop by thinking that there is a problem and they may be able to help